Saturday, May 26, 2007

So you want to play a trick on a friend? Here is an easy way to spoof an email address from within his own company. And him looking at the internet headers won't save him ;-)

So many times I hear people asking how to spoof an email sender address. This is a relatively easy task but I find so many false advertisements for software that say they can do it. Also this method is a bit different than using software to do it since if someone tries to determine that it is fake it will actually say it is from the proper email server.

This method will only work by spoofing email to and from people in the same organization, which in reality can be the most damaging ;-)

So lets start out with a little back story:

“Friend A” has decided to play a trick on “Friend B”, by sending a notice to “Friend B” that he has been fired from “Company A” by his boss. So how will we be able to do this? Easy we are going to send an email via Telnet!

So the first order of business is to find out what the email server address of “Company A” is. We can do this by locating the MX or Mail Exchange record of “Company A” To do this we can perform a nslookup query from the command line but sometimes it is easier to use a website for you new guys. So go here:

http://centralops.net/co/DomainDossier.aspx

Then type in the domain name of “Company A” which if your friend email address was friendb@companya.com, it would be companya.com. Then check the box next to “DNS Records”

Now after doing this you will see a whole slue of information, what we are looking for are the records labeled “MX” there will be more then one, which is fine. The one we are interested in is the one with the lowest number, which indicates it is the primary MX for the company. Now take the name of the mail server. For our purposes we are going to assume the name of the server is mail.companya.com and next open your favorite command line or terminal utility. In windows you get there by clicking “Start” then “Run” and then typing “cmd”. Next you will type the following

> telnet mail.companya.com 25

Telnet is the application we are going to use but in this case we are connecting to port 25 and not to the normal telnet port of 23. Port 25 is used for SMTP or the protocol used for email. You should get the following response back if you are connecting to an exchange server.

This is a really ~censored~ thing to do, or funny as hell depending on what side you’re on.(One man’s terrorist is another’s freedom fighter no?)So I’m assuming all that read this are reading purely for the educational aspect right? (Say Yes)

Ok, to make this paper short, the flaw is simple. It’s not a flaw in myspace, but in the way it’s setup. It’s not really a flaw at all, but oh well. It’s just the same as a mailing list. You sign up with your email, and unsubscribe by sending an email to an unsubscribe address with “unsubscribe” in the text field. When someone wants to legitimately unsubscribe to myspace, they open the form that does such, and unsubscribe. All that does is send an email from you (your account) to an email address that myspace uses for deleting accounts.

All you need to do is send an email from the victim’s email, to the server email used for removing accounts. This is very easy to do, very, no elite shell code programming involved or anything else.

The email address that myspace uses for account deletion is. cancelaccount@myspace.com This email address is being protected from spam bots, you need Javascript enabled to view it

Wow who would have thought it?When you do delete an account, if you look in the URL bar when you delete your own account, it shows the variable input used, and that’s how the email address was found.So what a no brainer, replace it with someone else’s.

So, just spoof an email from the target, with subject: delete, body: delete accountTo cancelaccount@myspace.com This email address is being protected from spam bots, you need Javascript enabled to view it

Well you’re wondering how to get someone else’s myspace email. There are limitless ways, but the easiest it to first, communicate with them via AIM or in person, and just tell them you have some funny pictures of them drunk at a party and you want to send them to him/her. They won’t resist. Just social engineer them.

Mitnick has written a great book on the subject, “Art of deception”.

Once you have there email send a spoofed email from there email, to cancelaccount@myspace.com This email address is being protected from spam bots, you need Javascript enabled to view it with the subject:delete and body delete accountI don’t think it matters what you put in the subject and body, since It’s automated I’m assuming, and it’s a computer that looks at those emails, not a person. If you don’t know how to send spoofed emails,

Go to Google and find a tutorial how to send spoofed emails to do such. You need to learn how to use Google if you want to play with computers. It is the best way to direct information other than reading books, or asking someone smarter than you who is willing to tell you. It’s really freaking simple. You connect to an SMTP server (use the one on your ISP) and issue it the commands to make and send an email.

That’s it, within 48 hours the account will be deleted. It works 100%, I have tested it out 100%.It is not instant; it takes up to 48 hours.If you were really evil, you could write a script or program that scans Google for email address’s, and then take those outputted address’s and send the requests to delete Myspace accounts on them. This is wrong though so I don’t advise anyone doing such. Also what is funny is that in High School or Middle School, most clubs and crap have mailing lists. Get access to one of those lists and it’s almost 100% assumed that all the addresses on those lists are kids who have myspace accounts.

Tuesday, May 22, 2007

1)Like Hitler, President Bush was not elected by a majority, but was forced to engage in political maneuvering in order to gain office. 2)Like Hitler, Bush began to curtail civil liberties in response to a well-publicized national outrage, in Hitler's case the Reichstag fire, in Bush's case the 9-11 catastrophe. 3)Like Hitler, Bush went on to pursue a reckless ultra-nationalist foreign policy without the mandate of the electorate. 4)Like Hitler, Bush has accordingly improved his popularity ratings, especially with veterans and conservative Republicans, by mounting an aggressive public relations campaign against foreign enemies. Just as Hitler cited international communism to justify Germany's military buildup, Bush uses Al Qaeda and the Axis of Evil to justify our current military buildup. 5)Like Hitler, Bush promotes militarism while in the midst of a major economic recession (or depression). He uses war preparations to help subsidize defense industries (Halliburton, Bechtel, etc.) and presumably the rest of the economy on a trickle-down basis. 6)Like Hitler, Bush glorifies patriotism to stir up public support. He treats our nation's unique historic destiny almost as a religious cause sanctioned by God. 7)Like Hitler, Bush quickly makes and breaks diplomatic ties, and he makes generous promises that he soon abandons, as in the case of Mexico, Russia, Afghanistan, and even New York City. 8)Like Hitler, Bush envisages a future world order that guarantees his own nation's hegemonic supremacy rather than cooperative harmony under the authority of the United Nations (or League of Nations). He is willing to break the U.N. Charter in promoting this end. 9)Like Hitler, Bush scraps international treaties, most notably the Anti-Ballistic Missile Treaty, the Biological Weapons Convention, the Comprehensive Test Ban Treaty, the Convention on the Prohibition of Land Mines, the Chemical Weapons Convention, the Kyoto Global Warming Accord, and the International Criminal Court. 10)Like Hitler, Bush depends on an axis of collaborative allies, which he describes as a "coalition of the willing", to give the impression of having a broad popular alliance. These include the U.K. as compared to Mussolini's Italy, and Spain and Bulgaria as compared to, well, Spain and Bulgaria, both of which were aligned with Germany during the thirties and World War II. 11)Like Hitler, Bush possesses a war machine much bigger and more effective than the military capabilities of other nations. Today, Bush depends on a "defense" budget roughly equivalent to the combined military expenditures of the rest of the world. 12)Like Hitler, Bush is willing to invade other nations despite the opposition of the U.N. (League of Nations). He also has no qualms about bribing, bullying and insulting its members, even tapping their telephone lines. 13)Like Hitler, Bush pursues war without cutting back on the peacetime economy. He actually seeks to reduce taxes while conducting an expensive invasion and occupation of an "undesirable" nation. 14)Like Hitler, Bush launches unilateral invasions on a supposedly preemptive basis. Just as Hitler convinced the German public to think of Poland as a threat to Germany in 1939, Bush wants Americans to think of Iraq as a "potential" threat to our national security. 15)Like Hitler, Bush is willing to inflict high levels of bloodshed, with many thousands of casualties anticipated in Iraq, especially since the city of Baghdad--with a population of between 5 and 6 million--will be a primary target. 16)Like Hitler, Bush depends on a military strategy that features a "shock and awe" blitzkrieg beginning with devastating air strikes, then an invasion led by heavy armor columns. 17)Like Hitler, Bush is perfectly willing to sacrifice life as part of his official duty, as indicated by his unique record as a governor of Texas who was reluctant to commute death sentences. 18)Like Hitler Bush began warfare on a single front (Al Qaeda quartered in Afghanistan), but then expanded it to a second front with Iraq, only to be confronted with North Korea as a potential third front. Much the same thing happened when Hitler expanded German military operations from Spain to Poland and France, then was distracted by Yugoslavia before invading the USSR in 1941. 19)Like Hitler, Bush has no qualms about imposing "regime change" by installing Quisling-style client governments reinforced by full-scale military occupation under a military governor. 20)Like Hitler, Bush curtails civil liberties and depends on detention centers (i.e. concentration camps) such as Guantanamo Bay. 21)Like Hitler, Bush repeats lies often enough that they come to be accepted as the truth. Bush and his spokesmen argue, for example that every measure has been taken to avoid war (hardly true), that an invasion of Iraq will diminish (not intensify) the terrorist threat to the world, and that the U.S. is staging an invasion because the risks of inaction would be greater (not less). All of this is highly debatable. They likewise argue that Iraq is linked with Al Qaeda (which has yet to be proven), and that nothing whatsoever has been achieved by U.N. inspectors to warrant the postponement of U.S. war plans (which simply isn't true). They insist that Iraq hides numerous weapons it does not possess as well as can be determined by U.N. inspectors, and they refuse to acknowledge the total absence of any nuclear weapons program in Iraq since the late nineties. As perhaps to be expected, they indignantly accuse everybody else of deception and evasiveness. 22)Like Hitler, Bush incessantly finds new excuses to justify war from Iraq's WMD threat to the elimination of Saddam Hussein, to his supposed Al Qaeda connection, to the creation of democracy in the Middle East as a model for neighboring states, and back again to the WMD threat. As soon as one excuse for war is challenged, Bush shifts to another, but only to shift back again at another time. 23)Like Hitler Bush and his cohorts exaggerate ruthlessness by their enemies in order to justify their own. Just as Hitler cited the threat of communist violence to justify even greater violence on the part of Germany, the Bush team justifies a full-scale invasion of Iraq by emphasizing Saddam Hussein's crimes against humanity that were for the most part committed when Iraq was a client-ally of the U.S., supplied with both advisors and materiel (poison gas included) by our own government. 24)Like Hitler, Bush's Messianic ambition to bring about America's hegemonic dominance in the world makes him perhaps the most dangerous President in our nation's history, a rogue chief executive capable of waging any number of illegal preemptive wars. 25)Like Hitler, Bush has become so obsessed with his vision of a Manichaean conflict between good (U.S. patriotism) and evil (the anti-patriotic "other") that for many in contact with the White House he is beginning to seem as if he has lost touch with reality. 26)Like Hitler, Bush takes pleasure in the mythology of frontier justice. As a youth Hitler read and memorized the western novels of Karl May, and Bush retains into his maturity his fascination with simplistic cowboy values. He also exaggerates a cowboy twang despite his elitist education at Andover, Yale and Harvard. 27)Like Hitler, Bush misconstrues evolutionary theory, in Hitler's case by treating the Aryan race as being superior, in Bush's case by rejecting science for fundamentalist creationism.